The House of Lords Committee on Science and Technology made five recommendations in its report on Personal Internet Security last week, and it’s hard to argue with most of what they said. Nobody was spared criticism.
The UK Government, the police, the ISPs and the technology vendors all came in for carefully-worded rebuke for their self-interested complacency. For the most part, they’ve been queuing up ever since to excuse themselves.
Most of these agencies still see the issue as a private problem, no matter that they have each failed in varying ways to live up to their responsibilities for allowing the problem to get worse. If you are a victim of e-crime then that is pretty much all your fault.
You didn’t secure your PC, you chose an ISP that didn’t offer enough security, you chose the wrong bank, or you just opened the wrong email, allowing one of a long list of hellish malware programs to find a home on your equipment. If you actually suffer loss as a consequence then to whom do you report it? Not the police who don’t want to know. It’s a private problem between you and your back, or other private company, says government.
The software industry turns up to help you, but that costs extra. Microsoft vaunted its new version of Windows, Vista, as being secure, unlike its last version, XP, that certainly wasn’t. Then it put the upgrade prices up because it decided that security was an added feature that people must pay more for.
If the same arguments were used when someone is burgled, mugged or has their car stolen, the public would be outraged. Helpfully, the committee came up with some advice to kickstart some long overdue debate. Most of it is remarkably in touch with the underlying problems. Here’s what I made of their main thoughts:
1. Increase the resources and skills available to the police and criminal justice system to catch and prosecute e-criminals.
Correct, but this understates the true extent of the problem in my view. Behind the phrase “resources and skills” lies a complex, expensive and time-consuming challenge that can only be solved by a re-structuring of UK policing.
The truth is that, at the moment, e-crime is another one of problems (like drugs, for instance) the police have no real answer to. As I never tire of saying, the UK probably has ten times as many traffic police as it has trained e-crime officers. E-crime is a low priority because making it a high priority would force the authorities to come up with a strategy to tackle it, and they are way off having that in the works.